https://community.cisco.com/t5/network-security/asa-stops-sending-ospf-hellos/m-p/628117#M422503 <HTML><HEAD></HEAD><BODY><P>Hi Sundar,</P><P>Many thanks for your assistance, this looks very similar to the problem that happened. I think I found out the root cause of the problem, the DC were changing the power to a metered power system that weekend, and seems the ASAs were booted before the 3750 stack, hence the arp cache corruption.</P><P>Currently with the ASAs working, I have the following Mac addresses, which one would you suggest needs to have a static entry;</P><P>Inside 192.168.16.3 0018.7317.93fb (the failover asa)</P><P>Inside 224.0.0.5 0100.5e00.0005</P><P>Inside 192.168.16.1 0019.2f70.8044 (3750 stack).</P><P>Inside MAC address 0018.1900.3a3f (the active asa inside address).</P><P></P><P>Do I need a static arp on the 3750 stack as well, this was sending hellos ok during the problem?</P><P></P><P>Thanks again for your expert advice.</P><P></P><P>Best regards, Adrian.</P></BODY></HTML> Mon, 26 Feb 2007 09:24:11 GMT aoshea 2007-02-26T09:24:11Z https://community.cisco.com/t5/network-security/asa-stops-sending-ospf-hellos/m-p/628113#M422499 <P>ASA Stops sending OSPF hellos</P><P>Dear Support,</P><P>Wondering if anyone else has come across this problem, but have two Cisco ASA 5510s ASA V7.2(1), DM V5.2(1) (in active/passive failover configuration). These are connected to a pair of 3750G-48-EMIs in a stack, OSPF is running on both, The ASAs are redistributing the outside, and DMZ interfaces by a defined route-map.</P><P>Everything normally works fine, but today I found that the neighbour relationship between the ASAs and 3750s had broke. I tried clearing the OSPF process on both the ASAs and 3750, but this would not resolve the problem. The 3750 would not show the ASAs in the neighbour list, but did have other devices (via a point-to-point link) as FULL state. The ASAs however would show the 3750s as INIT/DROTHER state.</P><P></P><P>Debugs showed that the ASAs were receiving hellos from the 3750s but was not sending any. The 3750s showed it was sending hellos but not receiving any from the ASAs</P><P></P><P>To resolve I had to reboot the ASAs. This is not my preferred solution as should not need to do this.</P><P></P><P>Has anyone else come across this problem, and is there a resolution? Or a bug track id?</P><P></P><P>Thank you in advance for your assistance.</P><P></P><P>I always rate helpful replies.</P><P></P><P>Best regards, Adrian</P><P></P> Fri, 21 Feb 2020 09:25:09 GMT https://community.cisco.com/t5/network-security/asa-stops-sending-ospf-hellos/m-p/628113#M422499 aoshea 2020-02-21T09:25:09Z https://community.cisco.com/t5/network-security/asa-stops-sending-ospf-hellos/m-p/628114#M422500 <HTML><HEAD></HEAD><BODY><P>Hello adrian</P><P></P><P>How frequent does this happen ?? I saw a bug ID CSCsd97134 - PIX/ASA ignores OSPF DBDs during adajency building , but this has been resolved in 7.2(1) , as per the release notes... might be some other issue.. </P><P></P><P>Is the ASA in active-standby or active-active mode ? with active/active routing protocols will have issues... can you post us the configs if possible?</P><P></P><P>Raj</P><P> </P></BODY></HTML> Fri, 23 Feb 2007 00:27:21 GMT https://community.cisco.com/t5/network-security/asa-stops-sending-ospf-hellos/m-p/628114#M422500 sachinraja 2007-02-23T00:27:21Z https://community.cisco.com/t5/network-security/asa-stops-sending-ospf-hellos/m-p/628115#M422501 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Your symptoms seem to indicate you may be affected by this bug. If you are running one of the affected codes then apply the workaround suggested.</P><P></P><P>CSCsg00914 Bug Details </P><P> </P><P>Headline OSPF neighbors dont form due to corrupted arp entry</P><P>Product pix-asa</P><P>Feature Unicast Routing Components Duplicate of </P><P>Severity 3 Severity help Status Verified Status help</P><P>First Found-in Version 7.2(1), 7.0(6) First Fixed-in Version 7.2(2), 7.2(1.26), 7.1(2.30), 7.0(6.10), 8.0(0.111) Version help</P><P>Release Notes</P><P> </P><P>Symptom:</P><P>OSPF neighbors don't form</P><P></P><P>Conditions:</P><P>show ospf neighbors on the ASA running</P><P>7.2.1 displays the neighbors in INIT/DROTHER state.</P><P></P><P>The ASA may be attempting to send OSPF packets to a MAC address other than the</P><P>intended one, though non broadcast is disabled on the interface.</P><P></P><P>Workaround:</P><P>Clear the arp cache on the asa. If clearing the arp does not work, try adding a</P><P>static arp entry.</P><P></P><P>Further Problem Description:</P><P>A show arp should list the multicast address on the ASA.</P><P></P><P></P><P>HTH</P><P></P><P>Sundar</P></BODY></HTML> Fri, 23 Feb 2007 00:43:47 GMT https://community.cisco.com/t5/network-security/asa-stops-sending-ospf-hellos/m-p/628115#M422501 sundar.palaniappan 2007-02-23T00:43:47Z https://community.cisco.com/t5/network-security/asa-stops-sending-ospf-hellos/m-p/628116#M422502 <HTML><HEAD></HEAD><BODY><P>Hello sundar,</P><P></P><P>You hit the nail right on the head !!! surprising to see this through bug tool kit, but not included on the release notes of 7.2(1) !!!! I thought the release notes were the most authentic info ever that I will get <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> </P><P></P><P>Cheers</P><P>Raj</P></BODY></HTML> Fri, 23 Feb 2007 00:56:14 GMT https://community.cisco.com/t5/network-security/asa-stops-sending-ospf-hellos/m-p/628116#M422502 sachinraja 2007-02-23T00:56:14Z https://community.cisco.com/t5/network-security/asa-stops-sending-ospf-hellos/m-p/628117#M422503 <HTML><HEAD></HEAD><BODY><P>Hi Sundar,</P><P>Many thanks for your assistance, this looks very similar to the problem that happened. I think I found out the root cause of the problem, the DC were changing the power to a metered power system that weekend, and seems the ASAs were booted before the 3750 stack, hence the arp cache corruption.</P><P>Currently with the ASAs working, I have the following Mac addresses, which one would you suggest needs to have a static entry;</P><P>Inside 192.168.16.3 0018.7317.93fb (the failover asa)</P><P>Inside 224.0.0.5 0100.5e00.0005</P><P>Inside 192.168.16.1 0019.2f70.8044 (3750 stack).</P><P>Inside MAC address 0018.1900.3a3f (the active asa inside address).</P><P></P><P>Do I need a static arp on the 3750 stack as well, this was sending hellos ok during the problem?</P><P></P><P>Thanks again for your expert advice.</P><P></P><P>Best regards, Adrian.</P></BODY></HTML> Mon, 26 Feb 2007 09:24:11 GMT https://community.cisco.com/t5/network-security/asa-stops-sending-ospf-hellos/m-p/628117#M422503 aoshea 2007-02-26T09:24:11Z https://community.cisco.com/t5/network-security/asa-stops-sending-ospf-hellos/m-p/628118#M422504 <HTML><HEAD></HEAD><BODY><P>Adrian,</P><P></P><P>The bug workaround suggests adding static ARP for the neighbor device. Add a static ARP entry for the 3750 on your ASA. The bug only applies to ASA and hence, you shouldn't need a static entry on the 3750.</P><P></P><P>HTH</P><P></P><P>Sundar</P><P></P><P></P><P></P><P></P></BODY></HTML> Mon, 26 Feb 2007 21:39:49 GMT https://community.cisco.com/t5/network-security/asa-stops-sending-ospf-hellos/m-p/628118#M422504 sundar.palaniappan 2007-02-26T21:39:49Z